[opensuse-autoinstall] "SHA1 sum wrong" after modifying control.xom
Hi I have created a YaST client module that snaps into the AutoYaST workflow for running displaying the progress of custom scripts (http://www.novell.com/communities/node/8961/) and a part of this game is to modify <instsrc>/control.xml. While this works fine for SLES 10, SLES 11 is more careful. First it gave me an error like this : <instsrc>/control.xml : SHA1 sum wrong. If you really trust your repository, you may continue in an insecure mode. (OK/Back) Hmm ... OK fair enough - naively I entered a new SHA1 sum in <instsrc>/content hoping that would be it. :( Now I get a less friendly popup saying : <instsrc>/content: Invalid signature Aborting installation I see there is a content.key file, but since I don't know the password to it, it guess it is useless to try to generate a new content.asc. Is there any way around this, or do we not want customer's to port their customizations to SLE 11 ? Thanks. Best regards Andreas Taschner -- To unsubscribe, e-mail: opensuse-autoinstall+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-autoinstall+help@opensuse.org
Off topic I know but: Is there an SLES or OpenSUSE mailing list that deals with LVM/LUNs and powerpath/multipathing subjects? I would rather stay away from opensuse@opensuse.org because I end up with a lot of Email that would probably suited to a list orientated to Suse desktop environments. -- To unsubscribe, e-mail: opensuse-autoinstall+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-autoinstall+help@opensuse.org
on Thursday 10 September 2009 Simon Loewenthal/NL/Tele2 wrote:
Is there an SLES or OpenSUSE mailing list that deals with LVM/LUNs and powerpath/multipathing subjects?
I would rather stay away from opensuse@opensuse.org because I end up with a lot of Email that would probably suited to a list orientated to Suse desktop environments.
Unfortunately there are no such lists from Novell/openSUSE that I know of -- ciao, Uwe Gansert Uwe Gansert SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nürnberg) Business: http://www.suse.de/~ug listening to: "Wishmaster" by Nightwish -- To unsubscribe, e-mail: opensuse-autoinstall+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-autoinstall+help@opensuse.org
Hi,
I have created a YaST client module that snaps into the AutoYaST workflow <-- snip --> While this works fine for SLES 10, SLES 11 is more careful. First it gave me an error like this : <instsrc>/control.xml : SHA1 sum wrong. If you really trust your repository, you may continue in an insecure mode. (OK/Back)
The easy and fast way around - boot with 'insecure=1' option appended to your BL parameters. This tells Linuxrc (http://en.opensuse.org/Linuxrc) not to check SHA1 sums of every file it downloads, so it won't complain anymore.
I see there is a content.key file, but since I don't know the password to it, it guess it is useless to try to generate a new content.asc.
Is there any way around this, or do we not want customer's to port their customizations to SLE 11 ?
In general, if you modify a control file, you have to sign again the whole repository with a key available to you, that is, compute again all the checksums, replace content.key, content.asc ... erm ... you don't want to do that :) it is rather cumbersome. Looking at the initial description, inserting a new step into workflow (more generally, modifying an installation workflow) is a good candidate for creating an add-on media, be it only very simplistic one. And this can also be signed, so you are on a safe side: Here is a how-to for signing add-ons, maybe some parts of it will be helpful to you: http://ugansert.blogspot.com/2009/01/opensuse-111-sles11-and-add-ons.html hB. -- \\\\\ Katarina Machalkova \\\\\\\__o YaST developer __\\\\\\\'/_ & hedgehog painter -- To unsubscribe, e-mail: opensuse-autoinstall+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-autoinstall+help@opensuse.org
Hi Katarina
On 9/10/2009 at 14:57, Katarina Machalkova <kmachalkova@suse.cz> wrote:
The easy and fast way around - boot with 'insecure=1' option appended to your BL parameters. This tells Linuxrc (http://en.opensuse.org/Linuxrc) not to check SHA1 sums of every file it downloads, so it won't complain anymore.
Thank you very much for your reply and suggestions. insecure=1 works fine for me although Uwe Gansert's blog was also very interesting reading. Will keep that approach in mind for very security-conscious customers (with too much time on their hands). //Andreas -- To unsubscribe, e-mail: opensuse-autoinstall+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-autoinstall+help@opensuse.org
participants (4)
-
Andreas Taschner -
Katarina Machalkova -
Simon Loewenthal/NL/Tele2 -
Uwe Gansert